Keep off the cloud, warns EU financial regulator

The EU Banking Authority says banks should be wary of vendor lock-in and security when using the cloud

The EU Banking Authority (EBA) has warned financial institutions moving to the cloud are risking their freedom by being locked into using particular vendor's service and being forced to onboard subcontractors from "high risk areas".

The EBAs report "on the prudential risks and opportunities arising for institutions from fintech" highlighted cloud servces as one of the seven key risks and opportunities to financial institutions, alongside other technologies such as blockchain and Big Data.

The report explained that businesses choosing to use the cloud are putting both their own organisations and others in the sector at risk because "large suppliers of cloud services could become a single point of failure should many institutions rely on them".

“Additionally, a possible impact on the wider operational risk could arise from issues with data security, systems and banking secrecy, especially when cloud services are hosted in jurisdictions subject to different laws and regulations from the institution,” the report continued.

The EBA advises financial businesses only to use cloud technologies if security is not a primary concern and recommended businesses intent on using cloud services consider a private cloud set-up, rather than public cloud services.

"[Private cloud] allows the most flexibility in data processing and security. On the other hand, private clouds are typically less scalable and more expensive than public clouds," the report said.

It also warned against financial firms using subcontractors because it poses a risk to the institution. If a business cannot control the technological infrastructure used by a Virtual Cloudsvider, it could affect the ICT outsourcing risk of that business.